{ "Event": { "analysis": "1", "date": "2025-01-30", "extends_uuid": "", "info": "[Threat Intel] Tria stealer targets Android users for SMS exfiltration and financial gain", "protected": false, "publish_timestamp": "1780040380", "published": true, "threat_level_id": "2", "timestamp": "1772902037", "uuid": "6ce88478-5011-443a-821c-02a5caf4fe00", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Brunei\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Call Log - T1636.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"", "relationship_type": "" }, { "colour": "#8eb1d9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1481\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internet Connection Discovery - T1422.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1417.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Device Administrator Permissions - T1626.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"", "relationship_type": "" }, { "colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": "" }, { "colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": "" }, { "colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1738322638", "to_ids": false, "type": "link", "uuid": "7af11e96-2483-4edb-8c90-17a8fa877cbd", "value": "https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1738322638", "to_ids": false, "type": "text", "uuid": "ff2c1145-320c-412d-b088-d596a0e78cce", "value": "Since mid-2024, a malicious Android campaign dubbed 'Tria Stealer' has been targeting users in Malaysia and Brunei using wedding invitation lures. The malware collects SMS data, call logs, messages from apps like WhatsApp, and email data from Gmail and Outlook. It exfiltrates this information to Telegram bots used as C2 servers. The threat actor exploits the stolen data to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other accounts. The campaign is likely operated by an Indonesian-speaking threat actor based on language artifacts found. The malware continues to be actively distributed as of January 2025, focusing on expanding its victim pool and financial fraud." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1738322638", "to_ids": false, "type": "text", "uuid": "60e06773-e870-478e-920a-1a689fe700cf", "value": "Name: Tria stealer targets Android users for SMS exfiltration and financial gain\nAuthor: AlienVault\nAdversary: \nTags: [\"stealer\", \"telegram\", \"brunei\", \"android\", \"tria stealer\"]\nTgtd countries: [\"Malaysia\", \"Brunei Darussalam\"]\nMlwr families: [\"Tria Stealer\"]\nAttack_ids: [\"T1094\", \"T1582\", \"T1412\"]\nIndustries: []" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/02/2025", "deleted": false, "disable_correlation": false, "timestamp": "1739004339", "to_ids": true, "type": "md5", "uuid": "0757e5ed-33cf-4b69-8d05-c430d36ef583", "value": "43c6cb115876bf791a7816a3c7791ea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#e87d07", "local": false, "name": "verify-require=epp", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/02/2025", "deleted": false, "disable_correlation": false, "timestamp": "1739004340", "to_ids": true, "type": "md5", "uuid": "b3eb3241-242d-4887-9e55-f1b5ee083164", "value": "6344466e975f89d8992080e2f0741661", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#e87d07", "local": false, "name": "verify-require=epp", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Telegram bots", "deleted": false, "disable_correlation": false, "timestamp": "1739002565", "to_ids": false, "type": "text", "uuid": "8f5202a6-4b4c-4ec2-b107-24baa47db557", "value": "7112694573:AAFHHrDEy-iwmlyYB7JZDXS6iwCFq6NMkEc\tadffg_404bot\r\n7081364304:AAG6FcxeZtkc98RlhjLXnP2LDMG4DEy9C6s\tBeinfooo_bot\r\n6544439978:AAE0uKQog9_ncKNsmlgQuoz8jSmahQZ1X2M\tbosinfooo_bot\r\n7462160646:AAELOVCtGCZP6bN3j-2n13BFj1-m2X0csCg\tbukanspamhuy_bot\r\n6638550564:AAGalDVGRDkstOZ03vpl3nTUn6g0qYnHSJk\tDalllez77_bot\r\n7048703894:AAFA64ghS6hE3H96SyMLz_7nplj7beTn6kM\tdemo_hey_bot\r\n6460021704:AAEqy8oTs2aFCBf6Z1_4oeSVSeRuHkf8BJc\tdmspmbot\r\n7182267203:AAFnGr0m9lAgsrvxrKyMNwykdwBx3GES3g4\tEmpatLima454545_Bot\r\n7183780742:AAFyUu_yFQ7WzspK_tPe_oTEtqeBbuzeVQs\tErorrrrr_bot\r\n7004348743:AAFjC2fdmkdlobDOS_CDs-4zlLdcM4ZLIU4\tgeeeeyl_bot\r\n7155428051:AAGo5mBcUNlv5GXesDomY0kmICv57QK5Gdc\tMa7ko_bot\r\n6997362162:AAGq-yxpaI7ciRwMovIEfq_vKRiERtL9h_c\tMr_Boy999_bot\r\n7427152480:AAGdMhWSn6lkLur6qlG0N6q92i0PFvcaiN8\tnewsinfohuy_bot\r\n7428836801:AAEhvj2eEKUjH5Rg76sr02tm6ubgqmpVXNA\tokeetessuc_bot\r\n6663431103:AAEJYxnkOaaSD0yuLjll49B3UUlHsr0T35A\ttcausmytc_bot\r\n7245598298:AAHcn9EndJ-peGQD6a4wBNXhx9HaYmXDGoA\ttcththsatu_bot\r\n6971388615:AAHEFDoHF3E6CdbAWgC6dg6wYg741RRWXAw\tvenitcuc_bot\r\n7123651826:AAGYmP8pUZUzqshR-oOQndFM-u25A7F5ams\tWa86_bot\r\n7052659548:AAEAiHIDq_Wtr0sy9DSUlx2Zi4Rp2PaEGhA\tweachatt_bot\r\n6373705951:AAHgGVw_OXvXbuZHFAQNlWiARRETgRuRYU4\tWeheebot\r\n7081353385:AAFxw7UkQUiJPhJ-h4Nk2ZV02_JVcsiy-8U\tworkinghus_bot\r\n6931159844:AAF2DDIwXvWyvLbOKtuptPfE__AW_QbAAgc\tXin69999_bot\r\n7127627140:AAHu-WX7jnhIIDI7Qv21omXALAV4DJ-sa2Y\theyt077_bot\r\n7231091758:AAHEo7QNythFlHOa6s_gpSDzvb1oVYEMM5M\tHeyt378_bot\r\n7545156259:AAGILcWHcP6MiYgEmRCZbm3-Sh2UwP2CPJw\tBijiontameledak_bot\r\n7362820488:AAEaoqD6ZObICBdNU9Ih_RoAggFWXPnAwnc\tHeysatu_bot\r\n7339265971:AAFp_alNY0L6BXrNo_BX6W15SSloZ5XgBaU\theyt721_bot\r\n7452580223:AAHLvKsBrhbzyjvF2mK6Ac4X67n1rhBFYt8\theyapp721_bot\r\n7270774627:AAEe7BnL1hGMr83Dn-wy1lwMX-x1d_d_ZXo\tHeywhatssatu_bot\r\n7387092110:AAHBMveHZERcyzu9tw4Bh8__f0PmRjRmph4\tHeyapp378_bot\r\n6457485799:AAF_5mQnxoeIRqzK3B3PPv_gFcM5-g8T2cY\tFash66kkkkkkk_bot\r\n6765461490:AAEJR-V_QAPlAMvGy3ELM9V0hVs1IcDjIk0\tHehahaahahbotfash_bot" }, { "category": "Other", "comment": "diamond-model", "deleted": false, "disable_correlation": false, "timestamp": "1770862982", "to_ids": false, "type": "comment", "uuid": "388e4139-bf5d-46b4-bc5a-5c80853e9fdd", "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250130-Tria-Stealer/7.png" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005226", "uuid": "afcbc520-be9d-4166-aa57-84fd5f79818e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005226", "to_ids": true, "type": "md5", "uuid": "9426cdd2-8ee2-4727-b071-7608d9a355b9", "value": "0e837107c42ee8282fd273e4a100b2de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004318", "to_ids": true, "type": "sha1", "uuid": "b2997a1c-2cf5-4986-a2c0-14b41ed90230", "value": "84096a9eea7748b57181a9ba9a5c1287e18b9700", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004318", "to_ids": true, "type": "sha256", "uuid": "3659710f-3b9e-4ad1-9733-dba61a2dec7f", "value": "f8027bd3df43e6e0e94a13191fc9cc4a3c5e81e21789c22587852c2a718f0c51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739003933", "to_ids": true, "type": "ssdeep", "uuid": "7c27ce41-1270-4536-ac5f-6fca6e481051", "value": "98304:xHoOnHlwmhsI9rkZzdrgr/igohhuxw4EYi/V90etW9gkgLCrM+sRe:x7jr9gpMNScsY2VyetYd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739003933", "to_ids": false, "type": "size-in-bytes", "uuid": "b985ef66-5b98-43f3-b81a-4c8b6357e242", "value": "5162661" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739003933", "to_ids": true, "type": "vhash", "uuid": "b18a5229-8134-46ce-b727-c99a260b5e05", "value": "e6f0fcea235c9a7cd314bb91beeb3ecf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739003933", "to_ids": true, "type": "filename", "uuid": "ec7b956b-49b2-4bdc-9b50-6c8dad59b6ba", "value": "JEMPUTAN PERKAWINAN (2).apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739003933", "to_ids": false, "type": "text", "uuid": "566015f4-1aef-44e4-a174-e5df11016794", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:24/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005248", "uuid": "9c629b33-9299-4b7f-8e17-6684285af9b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005248", "to_ids": true, "type": "md5", "uuid": "ca832806-94ff-4270-9879-cb99130fef80", "value": "162ed054914a8c71ad02126693c40997", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004319", "to_ids": true, "type": "sha1", "uuid": "5175a551-3165-4ef8-9da2-0851f0efba33", "value": "5eec510b7d98d2ce47b4b9fa6d8c7449a5b4f4b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004320", "to_ids": true, "type": "sha256", "uuid": "1b303cb5-c6de-4b7f-a70b-6d9f7b5dca6e", "value": "43789dee64640abe2d08cb89e99b39b58bb297d8e1cea9bdc0a2aedbf7c7a46e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739003954", "to_ids": true, "type": "ssdeep", "uuid": "155d8609-281f-458c-9f71-f8299bcc683f", "value": "98304:joK3+s9COd2idSB7YT/WHvQWJ3zlCxDE6JUaJZQfJ5oL0aUXFdn:UtsddzE7i9WJ3zIDrI5MS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739003954", "to_ids": false, "type": "size-in-bytes", "uuid": "75c37d64-3051-4209-ae3f-9d168e0400dc", "value": "5681801" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739003954", "to_ids": true, "type": "vhash", "uuid": "21d3c7d2-f0fc-493e-ab06-80b008000326", "value": "9ab5b75a296398545b5632a495e48e72" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739003954", "to_ids": true, "type": "filename", "uuid": "5d4be747-d885-4bd5-a1ca-9084971326b5", "value": "On delivery Parcel.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739003954", "to_ids": false, "type": "text", "uuid": "1f9fc480-b975-4832-aed1-9f22f0da553e", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005269", "uuid": "372a88ce-2464-418f-9dc1-ec5850c7d174", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005269", "to_ids": true, "type": "md5", "uuid": "4a99558d-2d0e-4af8-a4e6-cca2d05d3747", "value": "3993142deafce26820411191e4fa9af8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004321", "to_ids": true, "type": "sha1", "uuid": "441f6faf-6325-496b-b6db-e6ac202f258a", "value": "87adedc81f26a47f5cbfa5d6163617967f00be77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004321", "to_ids": true, "type": "sha256", "uuid": "54e1ca6a-a022-44e1-a15c-805a22fbf999", "value": "63c971652d9313665df835836d1d36e602b7dbfef4ed21083f1adf8e4dceac74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739003976", "to_ids": true, "type": "ssdeep", "uuid": "c1ccbcb6-6c2c-4211-ae48-2f12e829267a", "value": "98304:ex6rDa4etlbRE8LRkYAAj+M8fJlzmQu32/h1yKaEz/2SCRdAHjVIox9o/KrhIqF9:exQaJTPNk/M8fJlzmQuSmnEzOSqdAHjT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739003976", "to_ids": false, "type": "size-in-bytes", "uuid": "677a6317-5cad-47a3-89b4-bc98733420a6", "value": "5300997" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739003976", "to_ids": true, "type": "vhash", "uuid": "927a17a5-5798-4885-a380-2e09dfa6d10e", "value": "e1a85e393e41e3eea497bd2b8ba7f06a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739003976", "to_ids": true, "type": "filename", "uuid": "d268599d-ff55-4749-a690-57d45028bb29", "value": "KAD JEMPUTAN PERKAHWINAN.rar" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739003976", "to_ids": false, "type": "text", "uuid": "b56b25b6-d413-449f-bcba-fe9501927881", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:24/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005291", "uuid": "59e16aa0-01eb-4dc8-bf02-8402f463b910", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005291", "to_ids": true, "type": "md5", "uuid": "84f5f948-30aa-4149-b2b4-7bef28c847f3", "value": "448fd25e24980bb0abd1208b0395a8e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004323", "to_ids": true, "type": "sha1", "uuid": "69a9952a-530d-4e7e-a8c7-237e6a2c3d47", "value": "d41618b4cd40872be1faf1cc6936e182da4600f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004323", "to_ids": true, "type": "sha256", "uuid": "66675bd2-6c21-48aa-9b88-affc316f3a4f", "value": "c7721857e90a5c0f97c0b62c7fe06b19d1bde18a08e57127785687b5aa7c65da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004018", "to_ids": true, "type": "ssdeep", "uuid": "e4de9f85-8e9b-46a4-8f68-d87f5c525c38", "value": "49152:yM9M3s5/9zMg9bauFQ7oLfAOXUg/aCo/KrOQG8vaeZ:a3M/Ko1W+vo/KrO/8yeZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004018", "to_ids": false, "type": "size-in-bytes", "uuid": "88a78342-3af3-4594-a52d-168aa60450b2", "value": "2532204" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004018", "to_ids": true, "type": "vhash", "uuid": "4b2c70eb-d7df-4aec-9120-af53c2f96c58", "value": "b0bc1e97a1b8a174a46d7d3fc629f07f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004018", "to_ids": true, "type": "filename", "uuid": "bfc46d84-2759-4138-9d56-abff5661540c", "value": "UNDANGAN_MAJLIS KAWIN (7).apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004018", "to_ids": false, "type": "text", "uuid": "96536169-c60b-4740-a4a2-f04e5dbeff69", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:23/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005312", "uuid": "0ef781cb-ce9c-455f-8813-a8b97b120ba6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005312", "to_ids": true, "type": "md5", "uuid": "4f343593-5217-43b8-9397-704f96b1dd61", "value": "4e7a72f32d5b6679a58c8261049d063b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004324", "to_ids": true, "type": "sha1", "uuid": "072ac7ef-5bdf-40d3-9387-491fd6e76a1c", "value": "e8fa2d5a228dec0420b33ddbf072c3baf2c5cc11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004324", "to_ids": true, "type": "sha256", "uuid": "14a62053-6160-42cf-88a9-f310ae06ac9f", "value": "fa7fb699dfdaebc562b3c5a22ba56ae3ec45d67f909262d37938335165c95a6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004040", "to_ids": true, "type": "ssdeep", "uuid": "e603ae39-9bd6-4d83-bbdd-67add86e8c7f", "value": "98304:HqGJzRr2Jh7Rh5DsoBdO1l/G5KmhybI01nJ0g9cB9Wvjim4Vf:HqyzRCDRjoXXaKmhybI0ptoIm1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004040", "to_ids": false, "type": "size-in-bytes", "uuid": "9300a8dd-16c8-429a-831e-1f13d35ac583", "value": "5383199" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004040", "to_ids": true, "type": "vhash", "uuid": "71b14417-9789-499a-ad71-85b403d1b630", "value": "f2c50716e6292044167f0259d0002de3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004040", "to_ids": true, "type": "filename", "uuid": "04f88f7f-dc30-4cee-8e94-296d684da39d", "value": "??? ??????? \u2709\ufe0f ???????? ?????? .apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004040", "to_ids": false, "type": "text", "uuid": "6e7fe010-9643-46a7-b7cb-d5442dd93a86", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005333", "uuid": "fade2762-89f1-4886-ac93-d8b15adc5e5e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005333", "to_ids": true, "type": "md5", "uuid": "47aaac3c-6b7d-4b17-a036-6d69244592fd", "value": "4ff2572a40300c0cce4327ec34259902", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004326", "to_ids": true, "type": "sha1", "uuid": "da8c6bf9-e9c8-4b5a-bb7c-05a5151028cb", "value": "aa76bf137ed49d4fee1642e8fe9d0c9793c454de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004326", "to_ids": true, "type": "sha256", "uuid": "b7bb0a98-80f2-4611-8610-c577a01fc8fa", "value": "3fb017819d66a7d6593b8829225a2fa83d7203f4698b40df7fc91696887cd4c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004061", "to_ids": true, "type": "ssdeep", "uuid": "2a93ae96-8251-410d-81b6-526ce10a41b9", "value": "98304:ZfyBeTN86MpxJuCLw1Vy0rD/HlMWSk16BKehQQ21woXYXDKN4H4s:wsTNxnl1VyYGWB1uzZ21BXY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004061", "to_ids": false, "type": "size-in-bytes", "uuid": "5f14751a-8c09-45c2-90a1-99a720fa41d3", "value": "4928921" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004061", "to_ids": true, "type": "vhash", "uuid": "7d88df76-e5c6-4d78-bb14-d28441d0c778", "value": "277de4a5f2c823145fd0cf812b6c2aa5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004061", "to_ids": true, "type": "filename", "uuid": "ea4cbfef-b9d6-4d17-9e2d-7d185d5487ea", "value": "Penyampaian SPT Elektronik \u25cf Tagihan Pajak Anda \u25a0 Direktora...unknown" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004061", "to_ids": false, "type": "text", "uuid": "f54fffdb-f956-4f07-8635-547fc68cd712", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005354", "uuid": "7ef44c57-935f-4daf-9a41-e32747a1b813", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005354", "to_ids": true, "type": "md5", "uuid": "c8af3e28-6b7c-4a02-965f-9ba59cd68f9a", "value": "5ed3ef03ca89c67bf93bb9230f5e4e52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004327", "to_ids": true, "type": "sha1", "uuid": "f1d0fcf6-8cdb-47b2-b494-aab76942c9cc", "value": "5f5e2c02f76916072ed879ab30d6e74b23105506", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004327", "to_ids": true, "type": "sha256", "uuid": "4500e495-0871-463a-9c2a-9597c436b024", "value": "23c8ab4a1cb858921efd7da9cbc95ada69423e64a6d931ee4a773c1431417171", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004083", "to_ids": true, "type": "ssdeep", "uuid": "d22e38c3-f631-4a7b-a7aa-d12c56cdeed1", "value": "98304:tqvUjS2RctdBwQZ+cpAXwAeGD9qodRMu4kVsG5x4JTpFcR7:tqviS2R6dBwQcpwiEQZVsG5xOTp87" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004083", "to_ids": false, "type": "size-in-bytes", "uuid": "b64e776b-20d0-4279-9bbf-98aecf17d224", "value": "5156838" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004083", "to_ids": true, "type": "vhash", "uuid": "851fc2ce-0a6f-42f2-8349-c9528e5b0217", "value": "c120dbf1b1962103648f7fb1c8118c9f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004083", "to_ids": true, "type": "filename", "uuid": "f1ade473-cc0c-4354-8f29-b78522432f03", "value": "\uff30\uff24\uff26- \uff2b\uff21\uff24 \uff29\uff2e\uff36\uff29\uff34\uff25 \uff2d\uff21\uff2a\uff2c\uff29\uff33 \uff36\uff29\uff24.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004083", "to_ids": false, "type": "text", "uuid": "7b4cd5fc-e208-4db7-8141-ed627c9531ff", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005376", "uuid": "e3dee229-be5b-4862-a07e-df4aabeff3b9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005376", "to_ids": true, "type": "md5", "uuid": "4c31a603-4ba7-4d55-a620-0dca5dab9134", "value": "96143c28e7937f64ecdb6f87510afbbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004329", "to_ids": true, "type": "sha1", "uuid": "4cf52c67-2a35-4fbe-828b-7efb0c8aee9c", "value": "65a972d9125bc539cbd6462c8ea633fdcf53ee05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004329", "to_ids": true, "type": "sha256", "uuid": "c0950fc6-ad2d-4117-a356-4317ce2fb2fe", "value": "761669942e0da89ad2c20f0a36008050db2027defb48a9fcf490eb959bc7dcdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004125", "to_ids": true, "type": "ssdeep", "uuid": "4f6e4f54-d371-4a16-90ab-ba5101778abd", "value": "49152:7IFboLk2P4YzHzCmtJ7iOrRBJHFG60Ug/ato/Kr7zePEaujlfLk76:7IFbWtzTCmtFiOrjJl/o/Kr7CPctg76" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004125", "to_ids": false, "type": "size-in-bytes", "uuid": "820a25ad-03c7-4653-9de4-4065aae38664", "value": "2963038" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004125", "to_ids": true, "type": "vhash", "uuid": "318e53ce-45ef-4a94-8d4f-48035a12093e", "value": "7da20f74d6db206bf2ba756e842c9484" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004125", "to_ids": true, "type": "filename", "uuid": "37c3bb29-7569-403b-939c-c186321e80af", "value": "JEMPUTAN-MAJLIS-DIGITAL.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004125", "to_ids": false, "type": "text", "uuid": "24cf7414-0a87-4845-9dc6-5905c2f2f345", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:25/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005397", "uuid": "e9910c99-590c-412f-9727-de5e30c30be5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005397", "to_ids": true, "type": "md5", "uuid": "13e75d94-555e-4e68-8116-a747391fbdeb", "value": "9698fa3e7e64272ff79c057e3b8be5d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004330", "to_ids": true, "type": "sha1", "uuid": "3e9e5f1b-5014-480a-8b9e-064cd8f8ecc7", "value": "8ed9ce8dfdf559c857eda818c9e77c6db697efee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004330", "to_ids": true, "type": "sha256", "uuid": "b1e02586-d99b-4150-864a-0e3a72a460fe", "value": "353af529dba68b0276d1ef24444b7306f894fef4d2ccc88817d742d5f818fc30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004147", "to_ids": true, "type": "ssdeep", "uuid": "4d1fe480-95a7-4a8a-a9fe-c47c88598a8d", "value": "98304:9/xHHjVFOtEKKFPPAHMP+6Mg6u8Ue1gOTVFwZnHcXaAXbTM4TjP+6v5/BUd2ZrYy:9/xnjVFOahos2o6nUe13fwZ8ZnP3tBn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004147", "to_ids": false, "type": "size-in-bytes", "uuid": "271fe049-509c-4df5-ad8b-d9e72329426e", "value": "4936667" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004147", "to_ids": true, "type": "vhash", "uuid": "821dd667-3340-4fdc-b0f9-c18890a37fb2", "value": "92108b2c6292c04afca364dca3110c34" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004147", "to_ids": true, "type": "filename", "uuid": "66f5c148-7f14-4bf8-8017-3f9e52eddd04", "value": "M-Smile%20Credit%20Card.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004147", "to_ids": false, "type": "text", "uuid": "a5591bba-c0ba-4b96-83a3-628c10bccd75", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:25/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005419", "uuid": "9895e12f-f1d8-488f-936c-4d4a2d255623", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005419", "to_ids": true, "type": "md5", "uuid": "30034e70-b7da-4047-beeb-6b69fe9c9c76", "value": "9a0147d4c9d6ed3be82825ce35fdb4ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004332", "to_ids": true, "type": "sha1", "uuid": "5714a750-e0b2-4158-a75b-0f86d8d9f1c4", "value": "ee208114784ca8644009acb320413529f846de38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004332", "to_ids": true, "type": "sha256", "uuid": "5d2f625d-567c-4491-9a21-a991b2d3bce3", "value": "4c772ab13a0055b03ac15c05e00635d1a72254d8dfdbd6b7461c8b6d2a504618", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004168", "to_ids": true, "type": "ssdeep", "uuid": "82bf9d96-8cc4-46de-809e-1176f3e61f7c", "value": "98304:kxue6o3nlCLb0hD1F8XL8O6VR4vCMgGzvFICnNdwDKN4H4+:y9IH0hD1aXL8O6V2tgGzNICnO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004168", "to_ids": false, "type": "size-in-bytes", "uuid": "b8be0564-2cc1-4c09-8b62-c41f692cf5d2", "value": "4920277" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004168", "to_ids": true, "type": "vhash", "uuid": "effdded0-81ca-4c92-8bc3-24470ab1d168", "value": "2e4b20bd179a974ad0f36ea012fe0ed3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004168", "to_ids": true, "type": "filename", "uuid": "ed6d358a-78c3-447b-8d04-892b7d3dc80d", "value": "Bocoran%20soal%20cpns%202024_sign.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004168", "to_ids": false, "type": "text", "uuid": "86b5ef84-583d-412b-8733-737d2a8e7d29", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:23/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005440", "uuid": "76fc832b-841f-4ea0-833a-c3b01dff7590", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005440", "to_ids": true, "type": "md5", "uuid": "bb632d7d-1867-4c9f-8ba8-ae3caf0fae0b", "value": "b8f4ac57c06755e98ecd263020aeaa82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004333", "to_ids": true, "type": "sha1", "uuid": "529f4fc4-cc18-4d67-a01b-f18c76a291d3", "value": "18d46b2e47c5e8758879219ab90957fd2e313b01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004333", "to_ids": true, "type": "sha256", "uuid": "42034486-4542-423e-8159-c30b28b4f367", "value": "cbb10ed2e793fa54afe32365cbff23f64623a8773d2e50bf44c2084faec4506e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004189", "to_ids": true, "type": "ssdeep", "uuid": "78c98f2c-27a9-49b7-a2e7-8267d0d72cd0", "value": "98304:RctdBwQZ+cpAXwAeGD9qodRMu4kVsG5x4JTpFcyHjVIo49o/KrhIq2:R6dBwQcpwiEQZVsG5xOTp9HjVjjq2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004189", "to_ids": false, "type": "size-in-bytes", "uuid": "fe15370a-01f8-4ace-bf5c-05b677e3b619", "value": "5300997" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004189", "to_ids": true, "type": "vhash", "uuid": "d1b97f87-e469-4136-afa3-e0a99b502128", "value": "e1a85e393e41e3eea497bd2b8ba7f06a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004190", "to_ids": true, "type": "filename", "uuid": "21df5618-1061-4e33-b242-cac5ba1476b8", "value": "Jemputan perkawinan.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004190", "to_ids": false, "type": "text", "uuid": "f2140913-3439-4b3b-a43f-bfad84cc8227", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:24/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005462", "uuid": "4df5d8cc-c6f4-4494-954a-8caa061b445a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005462", "to_ids": true, "type": "md5", "uuid": "3ce9a394-785a-4ea3-9055-d46b74a8efac", "value": "daa30cd6699c187bb891448b89be1340", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004335", "to_ids": true, "type": "sha1", "uuid": "9c2471e7-3dec-478f-9944-f8ce1b142d1c", "value": "820816b8edd3cbf48d3217d1ffab7c8fb463efd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004335", "to_ids": true, "type": "sha256", "uuid": "000f0151-7912-46f5-8624-376a2596cdf7", "value": "bb33b473949e06be95c07116e1f2db35f4b51d20d7ec26a6f512835170a43747", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004211", "to_ids": true, "type": "ssdeep", "uuid": "99b30613-0b37-4e87-9e36-d5ffeb400573", "value": "98304:KTUWQ8/rUKDzU87SWbFnVNyYdOYmwKOQarbcDSOkC9d2ZrYrHF:KTLHPSw7Nd8v0rr3Okk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004211", "to_ids": false, "type": "size-in-bytes", "uuid": "d08f2387-b04c-4f9c-a7e2-287d28e33a70", "value": "5508846" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004211", "to_ids": true, "type": "vhash", "uuid": "ff44ad7f-d7aa-4a09-bbae-c189623f0bff", "value": "5862970d38a1cf2c9b7f66b05d29a5da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004211", "to_ids": true, "type": "filename", "uuid": "8ab4e50e-3445-4362-860a-572ea32f9123", "value": "undangan pernikahan?\u200d\u2642\ufe0f??\u200d\u2640\ufe0f?" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004211", "to_ids": false, "type": "text", "uuid": "d7653865-e716-4e62-a25c-70c5f909bceb", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005483", "uuid": "547c22a3-e5dc-4a11-9c61-f56feda58fa3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005483", "to_ids": true, "type": "md5", "uuid": "8eb75824-a7b3-456a-8029-10f7082dfdc5", "value": "de9384577e28c52f8dc690b141098969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004336", "to_ids": true, "type": "sha1", "uuid": "3e5e4e72-aa1b-40a9-956a-50ca1ccdbb86", "value": "dbd559728c551152e14e3b0d604fee2757bd1bdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004336", "to_ids": true, "type": "sha256", "uuid": "821e8843-0059-4334-b18c-f70239b662ac", "value": "9c0233f14d396bb1d0bb2b88843b1a8a87cb2ff0566fd99d71015659412f6352", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004233", "to_ids": true, "type": "ssdeep", "uuid": "7611a31c-af6f-43fa-a33d-28070016370c", "value": "98304:7orm8L15nCMVuVpcMiPFegFVDkuZjqdVnZ0tk8o8bHjVIoW9o/KrhIqaU:srmOpVOywg3tZsZZToHjVjVqF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004233", "to_ids": false, "type": "size-in-bytes", "uuid": "e0db7699-bebb-4c43-9971-e4ecb13c30a7", "value": "5300997" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004233", "to_ids": true, "type": "vhash", "uuid": "c6de57b9-6a8d-4a92-94ca-db8563557dbf", "value": "e1a85e393e41e3eea497bd2b8ba7f06a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004233", "to_ids": true, "type": "filename", "uuid": "79204535-d1e3-4316-bdb3-34085db55974", "value": "JEMPUTAN MAJLIS PERKAHWINAN.apk" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004233", "to_ids": false, "type": "text", "uuid": "ee70e7f4-2bc8-4fe3-8d0f-87c5e7bc9c2a", "value": "Type Description: Android\nSymantec: Trojan.Gen.MBT\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1739005505", "uuid": "b6a9f53f-87a3-4e6e-9366-589f1ce2c10b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1739005505", "to_ids": true, "type": "md5", "uuid": "2ff89c1c-43c4-4bdd-b762-c26aa329af41", "value": "e4da1332303b93f11d40787f7a79b917", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1739004338", "to_ids": true, "type": "sha1", "uuid": "c8fb7eec-976d-41ca-bf18-b9dc3968a27c", "value": "8c073674baffe348f34ecce7bccf33d78cb7b30a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1739004338", "to_ids": true, "type": "sha256", "uuid": "727f715c-6125-4704-bac4-c293520567b0", "value": "9a6d929ed751f77947d7dce7f95b41495e0e123bc1ec99a8ddfe509b97d947f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1739004254", "to_ids": true, "type": "ssdeep", "uuid": "ff664cda-d86b-44cd-9769-8642d906b918", "value": "98304:9d2ZrYrWRwaCTmFZl0gQ3GbvZRl977xHWJSS6J+w5Op9NBMncr06ZyegVn5x5lU:2waCTmF70L3cvZ5x2v6JxO3NBMncrLcW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1739004254", "to_ids": false, "type": "size-in-bytes", "uuid": "8da48063-d1a5-4fd3-ad12-45379134c15e", "value": "5479983" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1739004254", "to_ids": true, "type": "vhash", "uuid": "cc16ec2d-1b4c-472a-a677-d730c61c6cbb", "value": "b8fa4a350749995e0a21386b88ce7e25" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1739004254", "to_ids": true, "type": "filename", "uuid": "0a68db96-ef67-48a4-a279-093a73ba8f03", "value": "BUKBER Tempat Lokasi" }, { "category": "Other", "comment": "Checked: 08/02/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1739004254", "to_ids": false, "type": "text", "uuid": "ef73fc2f-184e-4e37-9b72-24bfc5dcbb72", "value": "Type Description: Android\nSymantec: PUA.Gen.2\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:25/65" } ] } ] } }